Where is financial crime risk (FCR) on your board agenda?

Posted: 13th July 2016

I feel financial crime is not always receiving the level of attention it requires at board level.

Most recent FCA work cites the need for a risk-based approach (MDL4 and the Money Laundering and Terrorist Finance Action Plan being chief exponents of this in financial crime), but without an FCA definition of what this looks like, it’s unsurprising that firms’ individual approaches can vary.

However, one thing is for sure – the challenges of financial crime risk cannot be shied away from, and action is required to bring more effective FCR discussions into boardrooms across the industry.

The wide reach of financial crime

FCR covers a wide spectrum of challenges for firms – money laundering, politically exposed persons, sanctions, customer fraud, internal fraud, cyber-crime and data theft. In turn, all of these challenges cover the breadth of financial services from banking to insurance, pensions, wealth and asset management and consumer credit.

In total, financial crime cost the UK economy a staggering £52bn last year – with an estimated 88% of losses going unreported and 55% of all financial services firms experiencing at least one form of financial crime in the last 12 months.

There are many stories that will send a chill down the spine of any board member, but two in particular that always come up in discussion are HSBC's £1.2bn settlement with the US Senate for poor anti-money laundering controls and the cyber-attack on Talk Talk and loss of 160,000 customers' personal details including bank account and credit card details. 

Given the scale of financial crime-related losses to UK business and the precedent set by regulatory fines, there is no doubt financial crime must be given the appropriate level of attention from the top for both commercial and social reasons.

Achieving the right FCR environment

Most firms will know first-hand the benefits of having a robust financial crime control environment:

• Avoiding regulatory intervention (especially given regulators' view of financial crime)
• Protecting your customers from fraud and loss
• Preventing business losses, especially during a time of more challenging financial performance and need for tighter cost controls to maximise profitability 
• Protecting your long-term brand reputation and customers' trust in your firm

However, improving your financial crime environment is far from a straightforward challenge. There is little guidance offered by the FCA as to the exact measures firms must take to ensure their approach is ‘risk-based’, and which rules firms must abide by are dependent on the jurisdictions in which they operate.

All this being so, in terms of headlines, what actions should you be taking as a board to ensure financial crime is given the right level of attention in the boardroom? 

FCR Risk Assessment

As strategic decision makers, you should ensure your MLRO has completed a firm-wide financial crime risk assessment and reported their findings to the Board or Risk Committee. Having documentary evidence that risk assessments have taken place (and appropriate actions have been completed as a result) will greatly assist commercial decisions and help you articulate your methods to the regulator in case of scrutiny.

On this topic, how engaged is the board with the findings of their MLRO and Risk Committee? As well as assessing periodically, do your risk experts have clear routes through which to raise ad-hoc concerns? Are there any obstacles to having open conversations about regulatory concerns within your firm?

FCR Control Environment

Using the risk assessment, document and update your financial crime policies and controls and cascade these to the business. Board members will naturally view regulatory concerns through a ‘commercial lens’, and having a documented risk assessment and clear risk appetite will allow you as a board to strike a balance between regulation and commerciality here (the founding principle of the risk-based approach).

Ensure clarity as to who 'owns' financial crime risk at Non-Executive level. The owner can then be an advocate for the compliance experts in your firm, ensuring healthy ‘regulatory’ challenge at board level for commercial decisions, and vice versa. As a minimum, financial crime should be discussed at Risk Committee, with any significant items taken to the main board.

FCR KPIs and MI

Create straightforward KPIs for your financial crime environment and a comprehensive (yet not overly granular) suite of FCR MI for the Executive and Non-Executive members of the board.

When it comes to examining FCR MI, can you see opportunities to take the discussion away from pure data? Can you engage with risk experts in order to provide more of a narrative to the regulatory concerns they have? In doing this, the implications of regulation can be made clearer and commercial decisions more robustly justified.

FCR Response Plan

Finally, using scenario planning, create a flexible response plan with pre-agreed escalation levels and responses depending on the issue and materiality. This will ensure that your reaction to issues is considered, robust and proportionate.

Clear challenges; clear rewards

In summary, operating in financial services offers many challenges, and financial or economic crime is certainly growing in its importance and potential impact on firms.

For many firms, financial crime risk needs some short-term prioritised attention, and the four action points above will go a long way to reducing your risk levels and protecting your firm and customers.

Of course, mitigating FCR will also be a long-term challenge for the industry as the methodologies of criminals (and in turn, both regulation and legislation) evolve. However, the points above represent an effective method for those boards who wish to dive deeper into the current state of financial crime management in their firms.